This line here is probably causing you the most problem.
-A input -p tcp -s 0/0 -d 0/0 0:1023 -y -j REJECT
In order to allow smb packets to be accepted you're going to need to open up the ports. The easiest way to do this (I believe) is to insert these 2 lines above the line listed above.
-A input -p tcp -s 0/0 -d 0/0 137:139 -y -j ACCEPT
-A input -p udp -s 0/0 -d 0/0 137:139 -y -j ACCEPT
(Restart ipchains: /etc/rc.d/init.d/ipchains restart)
I can't remember if you need the udp or not.
This is also opens you up to anybody. You'll probably want to insert the acutal ip addresses of your two other machines in there. This could be a problem though.
-A input -p tcp -s obi-wan-ip -d luke-ip 137:139 -y -j ACCEPT
-A input -p udp -s obi-wan-ip -d luke-ip 137:139 -y -j ACCEPT
...
One way to tell if you're got the smb ports locked down is to go to
http://www.grc.com from your linux machine.
Click Shields Up. It should tell you whether or not it can see your windows share. After you add the lines to open up the ports, go back to the site and try again. It should tell you the basic stuff like workgroup name.
You really should invest in some type of firewalling hardware/software, preferrably something that filter packets before they get to your machines.
James Hubbard
DJ Busch wrote:
After receiving no response to yesterday's message, I tried some more web scouring and more tinkering and dinking around with Samba...and I discovered what may be a major key to my problem...
I have 3 PC's...2 are Windoze and 1 is Linux. Windoze machines are likely to understand how to share files across subnets using the same workgroup name...but is Samba as adept? I have a feeling that is at the heart of my problem.
I enabled wins support in my smb.conf and assigned the Samba box's IP address as the primary wins server on the WFW box. I also set Samba to be the domain master browser according to the instructions in BROWSING.txt. All of this, alas, was useless as I still couldn't browse the Win-duhs shares from Linux or the Linux shares from Winduhs. I feel that I'm getting much closer to my goal (file sharing without using Windows) and would really appreciate any help any of you can offer.
Thanks in advance for any help you can provide.
DJ Busch
Here is my latest attempt at smb.conf:
[global]
workgroup = LEGEND
netbios name = LUKE
server string = Dave's Linux Experiment Gone Wrong
interfaces = eth0
bind interfaces only = Yes
security = SHARE
encrypt passwords = Yes
null passwords = Yes
log file = /var/log/samba/log.%m
debug level = 5
max log size = 50
; socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
os level = 2
lm announce = yes
preferred master = yes
domain master = yes
dns proxy = No
wins support = yes
guest account = doodles
hosts allow = ALL
hosts deny =
[homes]
comment = Home Directories
path = /home
read only = No
guest ok = Yes
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
[hp]
path = /var/spool/samba
read only = No
guest ok = Yes
printable = Yes
printer name = hp
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
